BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

October, 2010

What’s a Superuser and Why Should I Care?

Posted October 29, 2010    Peter McCalister

Organizations have fundamentally granted too many individuals or automated processes permanent superuser privileges, allowing them complete access to do as they please.

Five Things NOT to Fear this Halloween

Posted October 28, 2010    Marc Maiffret

“Courage is not the absence of fear, but rather the judgment that something else is more important than fear.” – James Hollingworth

The scariest Halloween party I ever attended was a few years ago when some eEye co-workers and friends got together for an October 31st costume themed bar crawl. This was an especially scary…

Achieving Secure Multi-tenancy in Public and Private Clouds

Posted October 28, 2010    Peter McCalister

According to an IDC Enterprise Panel survey, the number one concern of companies moving into cloud computing environments is security. Silos of dedicated IT infrastructure built around specific applications, customers, business units, operations, and regulatory compliance are often the result of the dramatic growth in scale and complexity of enterprise IT environments.

Adobe Reader Remote Code Execution

Disclosed October 28, 2010    Fully Patched
Vendors: Adobe
Vulnerability Severity: High
Exploit Impact:
Exploit Availability:

Indirect Misuse of Privilege and a Response to Adobe Vulnerability

Posted October 27, 2010    Peter McCalister

If you didn’t notice from my previous post on Google’s breach, I’m on a mission to demonstrate that almost every major breach or vulnerability is tied to administrative privileges. The truth is, whether it’s malware, hackers or a vulnerability, chances are it’s very difficult for anyone to deal serious damage without admin rights. So when…

3 Ways to Reduce Help Desk Costs

Posted October 26, 2010    Peter McCalister

It doesn’t matter if your organization’s IT help desk requirements are satisfied in-house or outsourced, there are very tangible costs directly related to the misuse of privilege.

The Value of a Zero-Day Vulnerability Assessment Scanner

Posted October 26, 2010    Morey Haber

Let’s assume your business is near perfect. You have a proven and reliable vulnerability management lifecycle in place, and identification of vulnerabilities and patch remediation happens like clockwork. Finding lingering threats or missing patches is a rarity, and even your endpoint protection solution never fails to catch the latest malware. Like I said, a near perfect…

Mozilla Document.write DOM Insertion Heap Overflow

Disclosed October 26, 2010    Fully Patched
Vendors: Mozilla
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:

When Legacy Apps Dictate Desktop User Privilege Access

Posted October 25, 2010    Peter McCalister

In an enterprise Windows desktop environment, whether a company has 100 or 10,000 seats, the challenge of managing access is fraught with difficulty. Even if an IT administrator can work out how to circumnavigate Windows User Access Controls or how to set a Group Policy for every application, there will invariably still be a legacy…

eEye @ N-Able Partner Summit

Posted October 25, 2010    Chris Silva

Marc and I just returned from the N-able 2010 Partner Summit in Scottsdale, Arizona. While there, we took part in the announcement of N-able’s Remote Audit Manager, a collaboration between eEye Digital Security and N-able. Remote Audit Manager utilizes eEye’s award-winning Retina Network Security Scanner to allow MSPs to provide vulnerability assessment, configuration compliance…